Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

lib: fix null ptr derefs and uninitialized vars (h2/h3) #11739

Closed
wants to merge 3 commits into from
Closed

lib: fix null ptr derefs and uninitialized vars (h2/h3) #11739

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
bdf54a2
lib: fix null ptr derefs and uninitialized vars (h2/h3)
vszakats Aug 25, 2023
ea30734
fix for null ptr deref in bufq
vszakats Aug 26, 2023
1b2b73e
improved http2 fix
vszakats Aug 28, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
27 changes: 19 additions & 8 deletions lib/cf-h2-proxy.c
View file
Open in desktop
Expand Up @@ -244,12 +244,17 @@ static ssize_t proxy_nw_in_reader(void *reader_ctx,
CURLcode *err)
{
struct Curl_cfilter *cf = reader_ctx;
struct Curl_easy *data = CF_DATA_CURRENT(cf);
ssize_t nread;

nread = Curl_conn_cf_recv(cf->next, data, (char *)buf, buflen, err);
CURL_TRC_CF(data, cf, "nw_in_reader(len=%zu) -> %zd, %d",
buflen, nread, *err);
if(cf) {
struct Curl_easy *data = CF_DATA_CURRENT(cf);
nread = Curl_conn_cf_recv(cf->next, data, (char *)buf, buflen, err);
CURL_TRC_CF(data, cf, "nw_in_reader(len=%zu) -> %zd, %d",
buflen, nread, *err);
}
else {
nread = 0;
}
return nread;
}

Expand All @@ -258,12 +263,18 @@ static ssize_t proxy_h2_nw_out_writer(void *writer_ctx,
CURLcode *err)
{
struct Curl_cfilter *cf = writer_ctx;
struct Curl_easy *data = CF_DATA_CURRENT(cf);
ssize_t nwritten;

nwritten = Curl_conn_cf_send(cf->next, data, (const char *)buf, buflen, err);
CURL_TRC_CF(data, cf, "nw_out_writer(len=%zu) -> %zd, %d",
buflen, nwritten, *err);
if(cf) {
struct Curl_easy *data = CF_DATA_CURRENT(cf);
nwritten = Curl_conn_cf_send(cf->next, data, (const char *)buf, buflen,
err);
CURL_TRC_CF(data, cf, "nw_out_writer(len=%zu) -> %zd, %d",
buflen, nwritten, *err);
}
else {
nwritten = 0;
}
return nwritten;
}

Expand Down
6 changes: 3 additions & 3 deletions lib/http2.c
View file
Open in desktop
Expand Up @@ -1814,10 +1814,10 @@ static CURLcode h2_progress_egress(struct Curl_cfilter *cf,
}

static ssize_t stream_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
struct stream_ctx *stream,
char *buf, size_t len, CURLcode *err)
{
struct cf_h2_ctx *ctx = cf->ctx;
struct stream_ctx *stream = H2_STREAM_CTX(data);
ssize_t nread = -1;

*err = CURLE_AGAIN;
Expand Down Expand Up @@ -1937,7 +1937,7 @@ static ssize_t cf_h2_recv(struct Curl_cfilter *cf, struct Curl_easy *data,

CF_DATA_SAVE(save, cf, data);

nread = stream_recv(cf, data, buf, len, err);
nread = stream_recv(cf, data, stream, buf, len, err);
if(nread < 0 && *err != CURLE_AGAIN)
goto out;

Expand All @@ -1946,7 +1946,7 @@ static ssize_t cf_h2_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
if(*err)
goto out;

nread = stream_recv(cf, data, buf, len, err);
nread = stream_recv(cf, data, stream, buf, len, err);
}

if(nread > 0) {
Expand Down
8 changes: 5 additions & 3 deletions lib/vquic/curl_ngtcp2.c
View file
Open in desktop
Expand Up @@ -2349,7 +2349,7 @@ static CURLcode cf_connect_start(struct Curl_cfilter *cf,
int rc;
int rv;
CURLcode result;
const struct Curl_sockaddr_ex *sockaddr;
const struct Curl_sockaddr_ex *sockaddr = NULL;
int qfd;

ctx->version = NGTCP2_PROTO_VER_MAX;
Expand Down Expand Up @@ -2395,6 +2395,8 @@ static CURLcode cf_connect_start(struct Curl_cfilter *cf,

Curl_cf_socket_peek(cf->next, data, &ctx->q.sockfd,
&sockaddr, NULL, NULL, NULL, NULL);
if(!sockaddr)
return CURLE_QUIC_CONNECT_ERROR;
ctx->q.local_addrlen = sizeof(ctx->q.local_addr);
rv = getsockname(ctx->q.sockfd, (struct sockaddr *)&ctx->q.local_addr,
&ctx->q.local_addrlen);
Expand Down Expand Up @@ -2525,8 +2527,8 @@ static CURLcode cf_ngtcp2_connect(struct Curl_cfilter *cf,

#ifndef CURL_DISABLE_VERBOSE_STRINGS
if(result) {
const char *r_ip;
int r_port;
const char *r_ip = NULL;
int r_port = 0;

Curl_cf_socket_peek(cf->next, data, NULL, NULL,
&r_ip, &r_port, NULL, NULL);
Expand Down
12 changes: 6 additions & 6 deletions lib/vquic/vquic.c
View file
Open in desktop
Expand Up @@ -334,8 +334,8 @@ static CURLcode recvmmsg_packets(struct Curl_cfilter *cf,
goto out;
}
if(!cf->connected && SOCKERRNO == ECONNREFUSED) {
const char *r_ip;
int r_port;
const char *r_ip = NULL;
int r_port = 0;
Curl_cf_socket_peek(cf->next, data, NULL, NULL,
&r_ip, &r_port, NULL, NULL);
failf(data, "QUIC: connection to %s port %u refused",
Expand Down Expand Up @@ -404,8 +404,8 @@ static CURLcode recvmsg_packets(struct Curl_cfilter *cf,
goto out;
}
if(!cf->connected && SOCKERRNO == ECONNREFUSED) {
const char *r_ip;
int r_port;
const char *r_ip = NULL;
int r_port = 0;
Curl_cf_socket_peek(cf->next, data, NULL, NULL,
&r_ip, &r_port, NULL, NULL);
failf(data, "QUIC: connection to %s port %u refused",
Expand Down Expand Up @@ -464,8 +464,8 @@ static CURLcode recvfrom_packets(struct Curl_cfilter *cf,
goto out;
}
if(!cf->connected && SOCKERRNO == ECONNREFUSED) {
const char *r_ip;
int r_port;
const char *r_ip = NULL;
int r_port = 0;
Curl_cf_socket_peek(cf->next, data, NULL, NULL,
&r_ip, &r_port, NULL, NULL);
failf(data, "QUIC: connection to %s port %u refused",
Expand Down